OFFICE OF INSPECTOR GENERAL

EVALUATION OF THE
U.S. INTERNATIONAL TRADE COMMISSION'S
INFORMATION SECURITY
PROGRAM AND PRACTICES

Audit Report
OIG-AR-02-02

September 13, 2002

INSPECTOR GENERAL

10-Z-037

UNITED STATES INTERNATIONAL TRADE COMMISSION

WASHINGTON, D.C. 20436

September 13, 2002

MEMORANDUM

TO: THE COMMISSION

We hereby submit Audit Report No. OIG-AR-02-02, Evaluation of the U.S. International Trade Commission's Information Security Program and Procedures, for the Commission's implementation of our recommendations. In accordance with the Government Information Security Reform Act (GISRA), and U.S. Office of Management and Budget (OMB) Memorandum M-02-09, this report supports the Office of Inspector General's independent evaluation of the Commission's information security program.

Although the report identified a number of deficiencies, the Commission has taken important actions recently to improve information security. These include: filling the Chief Information Officer (CIO) position on an interim basis with an Acting CIO; conducting security awareness training classes with required attendance by all staff and contractor personnel; filling the Information Security (INFOSEC) Officer position; installing a network security warning banner; developing draft security plan and risk assessment templates; implementing physical access controls to the computer room; and drafting a system development life cycle (SDLC) methodology and program configuration management document.

We found that the Commission had implemented only three of the 19 recommendations from last year's audit of the information security program, with some additional progress on 14 recommendations. This year's audit made four recommendations for how the Commission might most effectively clear last year's unresolved recommendations and made 12 additional recommendations.

I want to acknowledge the cooperation and courtesy shown to the Office of Inspector General by all Office Directors during the conduct of this audit. In particular, the Acting Chief Information Officer and the Information Security Officer were helpful in our work. Beginning last fall, they met weekly with us to discuss their strategy and progress toward improving the Commission's information security.

Kenneth F. Clarke
Inspector General

This is an excerpt of the official audit report issued to the Commission. Subsequent distribution of the complete report is limited due to the sensitive nature of the information contained in it.